A Covered Entity (CE) or Business Associate (BA) must legally comply with the security, privacy, and breach rules and standards of federal HIPAA/HITECH compliance assurance to protect individuals’ electronic Protected Health Information. A2LA’s accredited process and databrackets’ certified privacy and security professionals can help your organization comply with the HIPAA/HITECH compliance assurance requirement in the most efficient and cost-effective way.
Why Does HIPAA/HITECH Compliance Matter?
Our deliverables include, but are not limited to:
Technical Security Risk Assessment Report
Customized Information Security Policy
Unprotected PHI Data Breach Policy
Other Customized Policies and Procedures
Automated Forms and Process Implementation
Vendor Compliance and Review
Key HIPAA/HITECH Regulations:
The HIPAA Privacy Rule
Requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records and to request corrections.
The HIPAA Security Rule
Establishes national standards to protect individuals’ electronic personal health information (ePHI) that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of ePHI.
Breach Notification Rule
45 CFR §§ 164.400-414 requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information, pursuant to section 13407 of the HITECH Act.
HHS’ Office for Civil Rights is responsible for enforcing the Privacy and Security Rules.
Full text is located at 45 CFR Part 160 and Subparts A and C of Part 164.